Disclosure of Invention
In view of the above, the present invention aims to provide a method, an apparatus, a medium, and a product for testing network connectivity of a virtual machine, which can efficiently and automatically test network connectivity of a virtual machine by a detection service under the condition of limited hardware resources, and simplify the deployment of the detection service. The specific scheme is as follows:
In a first aspect, the present application discloses a method for testing network connectivity of a virtual machine, applied to a detection service. The detection service is configured with a single preset detection network card, the preset detection network card is connected with a plurality of l2gateway ports, each l2gateway port corresponds to a virtual router, and the IP address and the MAC address of each l2gateway port are the same. The method includes:
Determining a target virtual machine to be tested, and determining a target network label corresponding to the target virtual machine from a preset mapping relation table, wherein the preset mapping relation table is used for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router;
Encapsulating based on the target network label to obtain a detection message, and sending the detection message to a target l2gateway port matched with the target network label by using the preset detection network card;
Determining a target virtual router matched with the target l2gateway port, so that the target l2gateway port forwards the detection message to the target virtual machine in the target virtual router to perform a network connectivity test on the target virtual machine.
Optionally, the virtual machine network connectivity testing method of the present application further includes:
Establishing a corresponding detection network for each virtual router in advance, and configuring a corresponding l2gateway port for each detection network, wherein different detection networks are configured with the same network segment information;
Correspondingly, the target l2gateway port forwarding the detection message to the target virtual machine in the target virtual router includes:
Determining a target detection network corresponding to the target l2gateway port, so that the detection message is forwarded to the matched target detection network through the target l2gateway port and the target detection network forwards the detection message to the target virtual machine in the target virtual router.
Optionally, each virtual router is connected with the corresponding detection network through a router interface, wherein each router interface is preconfigured with a target MAC table for recording the corresponding relation between the IP address and the MAC address of each l2gateway port, so that the target virtual machine returns a response message corresponding to the detection message based on the target MAC table.
Optionally, the detection service is deployed on at least one physical node, and each l2gateway port corresponding to the same physical node is configured with a different network name;
Correspondingly, the virtual machine network connectivity testing method of the present application further includes:
Creating a network bridge in the physical node on which the detection service is deployed, and mapping the network names of the l2gateway ports on the same physical node to the network bridge, wherein the network bridge is connected with the preset detection network card.
Optionally, sending the detection message to a target l2gateway port matched with the target network tag by using a preset detection network card, including:
Sending the detection message to the network bridge by using the preset detection network card, so that the network bridge sends the detection message to the target l2gateway port matched with the target network tag.
Optionally, each l2gateway port corresponding to the same physical node is configured with a different request tag, and the request tag of any l2gateway port and the network tag corresponding to the matched virtual router have the same value;
Correspondingly, sending the detection message to the target l2gateway port matched with the target network tag by using the preset detection network card, including:
Determining a target l2gateway port matched with a target network tag based on a request tag of each l2gateway port connected with a preset detection network card;
Sending the detection message to the target l2gateway port by using the preset detection network card.
Optionally, the virtual machine network connectivity testing method of the present application further includes:
Under a preset network isolation condition, deploying the detection service and the preset detection network card together in a preset network namespace;
Under a preset non-network isolation condition, deploying the detection service and the preset detection network card together on the host machine.
Optionally, the process of performing the network connectivity test on the target virtual machine further includes:
Judging whether a response message to the detection message, sent by the target virtual machine, is obtained within a preset time period;
If the response message is obtained, judging that the network connectivity test of the target virtual machine passes, otherwise, judging that the network connectivity test of the target virtual machine fails.
Optionally, after determining that the network connectivity test of the target virtual machine fails, the method further includes:
Acquiring a state monitoring result of a target table in the current southbound database;
Determining the fault type based on the state monitoring result, and outputting corresponding log data or alarm information.
Optionally, the target table includes a Port_Binding table, a Chassis_Private table and an SB_Global table;
Correspondingly, determining the fault type based on the state monitoring result, and outputting corresponding log data or alarm information, includes:
If the up field value of the port corresponding to the target virtual machine in the Port_Binding table is monitored to be false, outputting log information indicating that the target virtual machine is powered off;
If the nb_cfg field in the Chassis_Private table is not consistent with the nb_cfg field in the SB_Global table, outputting alarm information indicating a node abnormality;
If the version number field in the Port_Binding table is monitored to change, outputting alarm information indicating a change of the control plane.
Optionally, the detection service continuously monitors the virtual machine state information recorded in the southbound database based on the OVSDB protocol, and adjusts a target IP list based on the virtual machine state information, where the target IP list is used to record the IP addresses of the virtual machines currently to be tested.
Optionally, adjusting the target IP list based on the virtual machine state information includes:
If a newly added virtual machine is monitored in the Port_Binding table, adding the IP address of the newly added virtual machine to the target IP list;
If the IP address of a first virtual machine in the Port_Binding table is monitored to change, updating the changed IP address of the first virtual machine in the target IP list;
If the up field value of the port corresponding to a second virtual machine in the Port_Binding table is detected to be false, deleting the IP address corresponding to the second virtual machine from the target IP list.
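The fault classification and target IP list adjustment described in the optional features above can be sketched as follows. This is an added example, not code from the application: the snapshot dictionaries are constructed, and the `ip` and `version` keys, the function names and the finding labels are assumptions standing in for the fields the text names.

```python
# Added illustration. PREV/CURR are constructed, simplified snapshots of the
# southbound database; the "ip" and "version" keys are assumed stand-ins for
# the address and version number fields named in the text.
PREV = {
    "SB_Global": {"nb_cfg": 42},
    "Chassis_Private": {"node1": {"nb_cfg": 42}, "node2": {"nb_cfg": 42}},
    "Port_Binding": {
        "vm-a": {"up": True, "ip": "192.168.1.10", "chassis": "node1", "version": "v1"},
        "vm-b": {"up": True, "ip": "192.168.1.11", "chassis": "node2", "version": "v1"},
    },
}
CURR = {
    "SB_Global": {"nb_cfg": 42},
    "Chassis_Private": {"node1": {"nb_cfg": 42}, "node2": {"nb_cfg": 40}},
    "Port_Binding": {
        "vm-a": {"up": False, "ip": "192.168.1.10", "chassis": "node1", "version": "v1"},
        "vm-b": {"up": True, "ip": "192.168.1.21", "chassis": "node2", "version": "v2"},
        "vm-c": {"up": True, "ip": "192.168.1.12", "chassis": "node1", "version": "v1"},
    },
}


def classify_failure(port, prev, curr):
    """After a failed probe, return every (level, fault) finding for the port."""
    findings = []
    row = curr["Port_Binding"].get(port)
    if row is None:
        return findings
    # up == false: the VM is powered off, which is logged rather than alarmed.
    if not row["up"]:
        findings.append(("log", "vm_powered_off"))
    # The node's nb_cfg differs from the global nb_cfg: node abnormality.
    chassis = curr["Chassis_Private"].get(row["chassis"])
    if chassis is not None and chassis["nb_cfg"] != curr["SB_Global"]["nb_cfg"]:
        findings.append(("alarm", "node_abnormal"))
    # The version number changed between snapshots: control plane change.
    old = prev["Port_Binding"].get(port)
    if old is not None and old["version"] != row["version"]:
        findings.append(("alarm", "control_plane_changed"))
    return findings


def reconcile_targets(targets, port_binding):
    """Apply the three list-adjustment rules; return (new_targets, events).

    Ports that are absent from the table are left untouched, because the text
    does not specify that case.
    """
    new_targets = dict(targets)
    events = []
    for port, row in port_binding.items():
        known = new_targets.get(port)
        if not row["up"]:
            if known is not None:            # powered off: stop probing it
                del new_targets[port]
                events.append(("remove", port, known))
        elif known is None:                  # newly added virtual machine
            new_targets[port] = row["ip"]
            events.append(("add", port, row["ip"]))
        elif known != row["ip"]:             # IP address changed
            new_targets[port] = row["ip"]
            events.append(("update", port, row["ip"]))
    return new_targets, events


if __name__ == "__main__":
    current = {"vm-a": "192.168.1.10", "vm-b": "192.168.1.11"}
    print(reconcile_targets(current, CURR["Port_Binding"]))
    print(classify_failure("vm-b", PREV, CURR))
```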
In a second aspect, the present application discloses an electronic device, comprising:
A memory for storing a computer program;
A processor for executing the computer program to implement the steps of the disclosed virtual machine network connectivity testing method.
In a third aspect, the present application discloses a computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the disclosed virtual machine network connectivity testing method.
In a fourth aspect, the application discloses a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the previously disclosed virtual machine network connectivity testing method.
The application discloses a virtual machine network connectivity testing method applied to a detection service. The detection service is configured with a single preset detection network card, the preset detection network card is connected with a plurality of l2gateway ports, each l2gateway port corresponds to a virtual router, and the IP address and the MAC address of each l2gateway port are the same. The method comprises the steps of determining a target virtual machine to be tested, and determining a target network label corresponding to the target virtual machine from a preset mapping relation table, wherein the preset mapping relation table is used for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router; encapsulating based on the target network label to obtain a detection message, and sending the detection message to the target l2gateway port matched with the target network label by using the preset detection network card; and determining the target virtual router matched with the target l2gateway port, so that the target l2gateway port forwards the detection message to the target virtual machine in the target virtual router to perform a network connectivity test on the target virtual machine.
The beneficial effects are as follows. The detection service is configured with a single preset detection network card, the preset detection network card is connected with a plurality of l2gateway ports, and each l2gateway port corresponds to one virtual router. That is, the application discloses a scheme for communicating with virtual machines based on l2gateway ports in which all l2gateway ports share the same detection network card, so that each virtual router does not need an independent physical network card to communicate with the detection service, the number of network cards required on detection service nodes is greatly reduced, and hardware resources are saved. The application establishes a preset mapping relation table in advance for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router; that is, the application uses different network labels to distinguish different virtual routers. After determining the target virtual machine to be tested, the detection service can directly determine the target network label corresponding to the target virtual machine from the preset mapping relation table, and encapsulate accurately based on the target network label to obtain the detection message. Because a correspondence exists between the network label and the virtual router, and each l2gateway port also corresponds to a unique virtual router, the detection message can be rapidly routed to the target virtual router through the target l2gateway port and then reach the final target virtual machine for the network connectivity test, so that network congestion and response delay are avoided and the real-time performance and result reliability of the connectivity test are improved.
In addition, each l2gateway port in the application adopts the same IP address and MAC address, so that the source IP can be ensured to use the same IP address when the detection service sends the detection message, the virtual machine can conveniently and quickly identify the detection message, and the mode of fixing the source IP can also be ensured to be used only for the detection service, and abuse is prevented. Therefore, through the scheme, the detection service can test the network connectivity of the virtual machines in the plurality of virtual routers only by one detection network card, and the resource occupation is obviously reduced.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Network connectivity of virtual machines is currently tested primarily by deploying detection services. However, in the conventional scheme, each virtual router needs an independent physical network card to communicate with the detection service, and when the number of virtual routers is huge, a large number of network cards need to be deployed on the detection service node, which increases hardware cost and management complexity. Therefore, the embodiment of the application discloses a method, equipment, medium and product for testing network connectivity of a virtual machine, which allow the detection service to test the network connectivity of virtual machines efficiently and automatically under limited hardware resources, and simplify deployment of the detection service.
Referring to fig. 1, the embodiment of the application discloses a virtual machine network connectivity testing method, which is applied to a detection service, wherein the detection service is configured with a single preset detection network card, the preset detection network card is connected with a plurality of l2gateway ports, each l2gateway port corresponds to a virtual router, and the IP address and the MAC address of each l2gateway port are the same, and the method comprises:
Step S11, determining a target virtual machine to be tested, and determining a target network label corresponding to the target virtual machine from a preset mapping relation table, wherein the preset mapping relation table is used for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router.
In this embodiment, the detection service is configured with a single preset detection network card, where the preset detection network card is connected to a plurality of l2gateway ports, and each l2gateway port corresponds to a virtual router. That is, the application discloses a scheme for communicating with virtual machines based on l2gateway ports in which all l2gateway ports share the same detection network card, so that each virtual router does not need an independent physical network card to communicate with the detection service, the number of network cards required on detection service nodes is greatly reduced, and hardware resources are saved. The l2gateway port is a logical port type in OVN (Open Virtual Network). OVN is an open source network virtualization solution based on Open vSwitch (OVS, virtual switch management software) that aims to implement construction and management of a software defined network (Software Defined Network, SDN) through automation rules, and includes components such as a southbound database, a northbound database and a distributed controller. That is, the present application specifically detects connectivity of a virtual machine network under the OVN architecture.
In addition, the OVN l2gateway port is used for connecting the physical VLAN network and the intra-cloud tunnel network, and is generally not configured with a specific IP address (Internet Protocol Address) but is configured as unknown, so as to ensure that any other IP can pass through the port. The l2gateway ports in the application are configured with the same IP address and MAC address (Media Access Control Address, local area network address or physical address), so that the detection service uses the same source IP address whenever it sends a detection message, the virtual machine can conveniently and quickly identify the detection message, and a user can decide whether to be detected by configuring a security group, a firewall in the virtual machine and the like. Fixing the source IP also ensures that the source IP is used only for the detection service, which prevents abuse and ensures security.
In addition, the application establishes a preset mapping relation table in advance for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router, namely, the application uses different network labels to distinguish different virtual routers. After determining the target virtual machine to be tested, the detection service can directly determine the target network label corresponding to the target virtual machine from the preset mapping relation table. The network tag specifically refers to a VLAN tag, which is used to identify to which virtual local area network (Virtual Local Area Network, VLAN) the data frame belongs. The detection service establishes a preset mapping relation table of VLAN labels and IP relations of all virtual machines under the corresponding virtual router, encapsulates VLAN according to the preset mapping relation table when the virtual machine needs to be detected, namely, adds VLAN labels corresponding to the target virtual machine for the data frame, and then sends out detection messages through a preset detection network card. In addition, it should be noted that each virtual router may be connected to multiple virtual machine networks, that is, the virtual router may associate multiple independent virtual machine networks through different ports to implement network isolation and route forwarding, and each virtual machine network may include multiple virtual machine ports, where each port corresponds to one virtual machine, that is, a single virtual machine network may carry multiple virtual machines, and share subnet resources of the network.
In addition, the method further comprises deploying the detection service and the preset detection network card together in a preset network namespace under a preset network isolation condition, and deploying the detection service and the preset detection network card together on the host machine under a preset non-network isolation condition. That is, in this embodiment, whether the network isolation condition or the non-network isolation condition currently applies can be determined according to the security requirement, so as to decide whether to use a network namespace for isolation. If isolation from the host machine network is needed, the preset detection network card can be added to a network namespace and the detection service deployed into that network namespace together with the preset detection network card, so that the detection service process runs inside the network namespace. This prevents detection traffic from interfering with host machine services; after isolation, the host machine network is not affected even if the detection service is attacked, and the host machine network cannot directly access the preset detection network card, thereby improving security. When isolation is not needed, the detection service and the preset detection network card can be deployed together on the host machine, that is, the detection service runs directly on the host machine and receives and transmits messages through the preset detection network card.
Further, the method further comprises creating a corresponding detection network for each virtual router in advance, and configuring a corresponding l2gateway port for each detection network, wherein different detection networks are configured with the same network segment information. That is, in the embodiment of the present application, a corresponding detection network is created for each virtual router, and each detection network is configured with the same network segment information. In a specific embodiment, a network segment for the detection service may be preset, and it is specified that other network segments used in the cloud platform cannot overlap with this network segment. In addition, a corresponding l2gateway port is configured for each detection network, and each l2gateway port is configured with the same IP address and MAC address. That is, one l2gateway port corresponds to one detection network, which in turn corresponds to one virtual router.
Step S12, encapsulating based on the target network label to obtain a detection message, and sending the detection message to a target l2gateway port matched with the target network label by using the preset detection network card.
In this embodiment, a detection message is obtained based on the accurate encapsulation of the target network tag, and then the detection message is sent to a target l2gateway port matched with the target network tag by using a preset detection network card. Because the corresponding relation exists between the network tag and the virtual router and the corresponding relation exists between the virtual router and the l2gateway port, the preset detection network card can accurately send the detection message to the matched target l2gateway port according to the target network tag.
The specific scheme for sending the detection message is not limited in this embodiment: the sender can be implemented in-house with the Python Scapy library, or the existing tool hping3 can be used, so long as it can encapsulate VLAN messages and send the required detection protocol. In addition, the protocol used for sending the detection message is not limited in this embodiment, and may be the ICMP (Internet Control Message Protocol) protocol or the TCP (Transmission Control Protocol) protocol, or may be configured according to the specific service of the virtual machine.
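Steps S11 and S12 can be illustrated with a sender that looks up the VLAN tag for a target virtual machine and builds the 802.1Q-tagged ICMP echo request by hand. This is an added example, not code from the application; it uses only the Python standard library instead of Scapy so that it runs offline, and the mapping table contents, MAC addresses and function names are constructed assumptions (only the source IP 10.200.10.2 appears in the page's fig. 2 example).

```python
import ipaddress
import struct

# Constructed sample values. Only 10.200.10.2 is taken from the page's example;
# the MAC addresses, VM ids, VM IPs and VLAN tags are assumptions.
PROBE_SRC_IP = "10.200.10.2"
PROBE_SRC_MAC = "02:00:0a:c8:0a:02"   # shared l2gateway MAC (constructed)
ROUTER_IF_MAC = "02:00:0a:c8:0a:01"   # router interface MAC, next hop (constructed)
PAYLOAD = b"vm-connectivity-probe"

# Preset mapping relation table: VLAN tag -> {vm id: vm IP} for one virtual router.
# vm-a and vm-c reuse one address in different routers, so lookup is by VM id.
MAPPING_TABLE = {
    101: {"vm-a": "192.168.1.10", "vm-b": "192.168.1.11"},
    102: {"vm-c": "192.168.1.10"},
}


def check_vlan(tag: int) -> int:
    """Reject VLAN IDs outside the usable range 1-4094."""
    if not 1 <= tag <= 4094:
        raise ValueError(f"VLAN tag {tag} outside usable range 1-4094")
    return tag


def lookup_target(vm_id: str):
    """Step S11: return (vlan_tag, vm_ip) for the target virtual machine."""
    for tag, vms in MAPPING_TABLE.items():
        if vm_id in vms:
            return check_vlan(tag), vms[vm_id]
    raise ValueError(f"{vm_id} is not in the mapping table")


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_probe(vm_id: str, seq: int = 1) -> bytes:
    """Step S12: ICMP echo request in an 802.1Q frame tagged for the VM's router."""
    tag, vm_ip = lookup_target(vm_id)
    icmp = struct.pack("!BBHHH", 8, 0, 0, tag, seq) + PAYLOAD  # ICMP id reuses the tag
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), seq, 0, 64, 1, 0,
                     ipaddress.IPv4Address(PROBE_SRC_IP).packed,
                     ipaddress.IPv4Address(vm_ip).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    ether = mac_bytes(ROUTER_IF_MAC) + mac_bytes(PROBE_SRC_MAC)
    dot1q = struct.pack("!HH", 0x8100, tag)   # TPID, then TCI with PCP=0, DEI=0
    return ether + dot1q + struct.pack("!H", 0x0800) + ip + icmp


def parse_probe(frame: bytes) -> dict:
    """Decode the fields a capture-based check of the probe would look at."""
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800:
        raise ValueError("not an 802.1Q-tagged IPv4 frame")
    ip = frame[18:38]
    return {
        "vlan": tci & 0x0FFF,
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "ip_checksum_ok": inet_checksum(ip) == 0,
        "icmp_checksum_ok": inet_checksum(frame[38:]) == 0,
        "icmp_type": frame[38],
    }


if __name__ == "__main__":
    print(parse_probe(build_probe("vm-a")))
```

Both sample routers contain a virtual machine at 192.168.1.10; the two probes differ only in the VLAN tag (and the ICMP fields derived from it), which is what lets a single detection network card reach either one.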
The virtual machine network connectivity testing method further comprises the steps of creating a network bridge in the physical node where the detection service is deployed, and mapping the network names of the l2gateway ports on the same physical node to the network bridge, wherein the network bridge and a preset detection network card are in a connection relation.
It can be understood that the application also needs to configure chassis information for each l2gateway port, where the chassis information indicates the physical node on which the detection service is deployed, and the detection service can be deployed on at least one physical node. The l2gateway ports may be configured with the same chassis or with different chassis, where the same chassis indicates that the deployed physical node is the same. In this embodiment, each l2gateway port corresponding to the same physical node is configured with a different network name (network_name); that is, l2gateway ports configured with the same chassis need to be configured with different network_names.
Furthermore, in the embodiment of the application, a network bridge also needs to be created in the physical node on which the detection service is deployed, and the network names of the l2gateway ports on the same physical node are mapped to the network bridge, wherein the network bridge is connected with the preset detection network card. That is, in this embodiment, a mapping is configured according to each network_name of the l2gateway ports configured to the physical node. For example, if the chassis configured for l2gateway port 1, l2gateway port 2 and l2gateway port 3 is the physical node node1, and the network_names of l2gateway port 1, l2gateway port 2 and l2gateway port 3 are t1, t2 and t3 respectively, then the mapping of the corresponding network_names needs to be configured on the physical node node1, i.e. t1: br-tvm, t2: br-tvm, t3: br-tvm. The bridge identified in the mapping, br-tvm, is then created. Therefore, the application configures different network_names, such as t1, t2 and t3, for the l2gateway ports configured with the same chassis, and configures the mapping on the physical node on which the detection service is deployed, so as to associate the detection networks of different virtual routers with the bridge (such as br-tvm) on the physical node and ensure that the detection message can be correctly routed to the target virtual router.
In a specific embodiment, sending the detection message to the target l2gateway port matched with the target network tag by using the preset detection network card comprises sending the detection message to the network bridge by using the preset detection network card so that the network bridge sends the detection message to the target l2gateway port matched with the target network tag. That is, since the bridge and the preset detection network card have a connection relationship, the traffic of all l2gateway ports needs to be forwarded through the same physical bridge (br-tvm) to realize the aggregation of the traffic. In this way, the detection service only needs to send the detection message through a single preset detection network card, and the network bridge automatically shunts according to the VLAN tag so as to send the detection message to the matched target l2gateway port.
In addition, each l2gateway port corresponding to the same physical node is configured with a different request tag, and the request tag of any l2gateway port has the same value as the network label corresponding to the matched virtual router. Correspondingly, sending the detection message to the target l2gateway port matched with the target network label by using the preset detection network card comprises determining the target l2gateway port matched with the target network label based on the request tag of each l2gateway port connected with the preset detection network card, and sending the detection message to the target l2gateway port by using the preset detection network card. It can be understood that l2gateway ports configured with the same chassis need to be configured with different request tags (tag_request) in addition to different network names, and the request tag of any l2gateway port has the same value as the network label (VLAN label) corresponding to the matched virtual router. In this way, when the preset detection network card sends the detection message, the target l2gateway port matched with the target network label can be determined based on the request tag of each l2gateway port connected with the preset detection network card, so that the detection message is sent to the target l2gateway port and a rapid matching process is realized.
It should be noted that, because the VLAN tag occupies 12 binary bits, it can theoretically represent 4096 different values, that is, the value range is 0-4095. However, VLAN 0 is used to identify frame priority and 4095 (0xFFF) is a reserved value, so neither can be used for general VLAN configuration. Therefore, the detection service of a single node can be connected with at most 4094 virtual routers; beyond that number, the detection service can be deployed on a plurality of physical nodes to realize expansion, so that large-scale clusters are supported. Meanwhile, in a specific implementation, the virtual machines can also be divided among different physical nodes according to the number of virtual machines, rather than only after the limit is exceeded.
It will be appreciated that a detection service deployed on a single node may become a performance bottleneck, for example at tens of thousands of probe requests per second. When the scale of the cloud platform grows, for example to tens of thousands of virtual machines, the following problems may be faced: a single-node performance bottleneck, namely, the CPU and network card throughput of a single detection service instance cannot support highly concurrent detection requests; uneven delay, namely, detection tasks for some virtual machines accumulate and result feedback is delayed, which affects real-time performance; and poor fault tolerance, namely, a single-node fault interrupts detection over a large area. Thus, in practical scenarios, multiple physical nodes are more often used to deploy the detection service. In a scheme with multi-physical-node deployment, detection tasks can be intelligently distributed according to indexes such as node load, network topology and virtual machine position to realize load balancing, and a different weight can be preset for each index. In particular embodiments, a Master-Worker distributed architecture may be employed. The Master node (scheduler) is responsible for maintaining a global detection task queue, monitoring the state (CPU, memory and network load) of the Worker nodes, and dynamically distributing detection tasks to the Worker nodes. The Worker node (detection executor) is responsible for deploying a detection service instance, binding a local l2gateway port, executing the detection tasks issued by the Master and returning the results.
Step S13, determining a target virtual router matched with the target l2gateway port, so that the target l2gateway port forwards the detection message to the target virtual machine in the target virtual router to perform a network connectivity test on the target virtual machine.
In this embodiment, since each l2gateway port also corresponds to a unique virtual router, the detection message can be rapidly routed to the target virtual router through the target l2gateway port, and further reach the final target virtual machine to perform the network connectivity test, thereby avoiding network congestion and response delay, and improving the real-time performance and the result reliability of the connectivity test. Therefore, through the scheme, the detection service can test the network connectivity of the virtual machines in the plurality of virtual routers only by one detection network card, and the resource occupation is obviously reduced.
In a specific embodiment, the target l2gateway port forwarding the detection message to the target virtual machine in the target virtual router comprises determining a target detection network corresponding to the target l2gateway port, so that the detection message is forwarded to the matched target detection network through the target l2gateway port and the target detection network forwards the detection message to the target virtual machine in the target virtual router. That is, since one l2gateway port corresponds to one detection network, which in turn corresponds to one virtual router, the target l2gateway port forwards the detection message to the matched target detection network, and the target detection network then forwards the detection message to the target virtual machine in the target virtual router. Throughout the whole process, the network label (VLAN label) of the detection message is used to identify the whole communication path along which the message is sent to the target virtual router.
In addition, each virtual router is connected with a corresponding detection network through a router interface, wherein each router interface is preconfigured with a target MAC table for recording the correspondence between the IP address and the MAC address of each l2gateway port, so that the target virtual machine returns a response message corresponding to the detection message based on the target MAC table. It can be understood that, in this embodiment, a target MAC table is configured for the router interface on the virtual router that is connected to the detection network, and the correspondence between the IP address and the MAC address of the l2gateway port is recorded in the target MAC table, so that the target virtual machine can return a response message corresponding to the detection message based on the target MAC table; that is, when the target virtual machine replies to the detection service in the reverse direction, there is no need to learn the address dynamically through ARP (Address Resolution Protocol).
Fig. 2 is a schematic diagram of a specific node configuration result disclosed in the present application, and the above scheme is specifically described below with reference to the example shown in fig. 2.
1. Presetting a network segment for the detection service, such as 10.200.10.0/30 shown in fig. 2; the network segments used in the cloud platform must not overlap with this segment;
2. Presetting a physical node for deploying detection service, such as node1 shown in fig. 2;
3. Creating a detection network for each virtual router and configuring the same network segment information 10.200.10.0/30;
4. Creating an l2gateway port for each detection network and configuring the same IP address and MAC address on each; for example, as shown in fig. 2, the IP address is configured as 10.200.10.2. The chassis information of each port, that is, node1 on which the detection service is deployed, may be the same chassis or different chassis. In addition, l2gateway ports configured on the same chassis require different network names (network_name) and different request tags (tag_request);
5. Configuring the physical node node1 with a mapping for each network_name whose l2gateway port is assigned to that node. For example, as shown in fig. 2, the chassis configured for l2gateway port 1, l2gateway port 2 and l2gateway port 3 is node1 in every case, so the mapping of the corresponding network_name values must be configured on node1: t1:br-tvm, t2:br-tvm and t3:br-tvm. The bridge named in the mapping, such as br-tvm, is then created;
6. Configuring the detection service: an OVS internal-type interface is added to the bridge and can be named as required, for example the t-nic shown in fig. 2. If the detection service is to be isolated from the host network, the t-nic network card can be added to a network namespace and the detection service deployed into that namespace along with the t-nic network card; otherwise the detection service is deployed directly on the host;
7. Configuring a target MAC table on the router interface that connects each virtual router to its detection network, recording the correspondence between the IP address and the MAC address of the above l2gateway port, so that the virtual machine can reply to the detection service in the reverse direction without dynamically learning ARP;
8. The detection service establishes a table of the correspondence between VLAN tags and the IP addresses of the virtual machines. When a virtual machine is to be detected, the detection service encapsulates the VLAN according to this table and sends the detection message through the t-nic network card. For example, as shown in fig. 2, virtual machine port 1 is reached through l2gateway port 1, whose tag_request, that is, the VLAN tag, is 1, so the detection message is encapsulated with VLAN 1. Similarly, access to virtual machine port 2 is encapsulated with VLAN=1, and access to virtual machine port 4 is encapsulated with VLAN=2.
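The table lookup and VLAN encapsulation of step 8, sketched as an added example that is not code from the application. It assumes the detection message is an ICMP echo request; the MAC addresses and virtual machine addresses are constructed placeholders, and only 10.200.10.2 comes from the fig. 2 example.

```python
import ipaddress
import struct

PROBE_SRC_IP = "10.200.10.2"         # shared l2gateway IP from the fig. 2 example
PROBE_SRC_MAC = "02:00:00:00:00:02"  # constructed placeholder: shared l2gateway MAC
ROUTER_IF_MAC = "02:00:00:00:00:01"  # constructed placeholder: router interface MAC

# Constructed mapping table: VLAN tag (tag_request of the l2gateway port) ->
# IP addresses of the virtual machines behind the corresponding virtual router.
VLAN_TO_VMS = {
    1: ["192.168.1.10", "192.168.1.11"],
    2: ["192.168.2.10"],
}


def tag_for(vm_ip):
    """Return the VLAN tag whose virtual router contains vm_ip."""
    tags = [tag for tag, ips in VLAN_TO_VMS.items() if vm_ip in ips]
    if not tags:
        raise LookupError(f"{vm_ip} is not in the mapping table")
    if len(tags) > 1:
        # The same address behind two routers cannot be resolved by IP alone.
        raise ValueError(f"{vm_ip} is mapped to several tags: {tags}")
    return tags[0]


def inet_checksum(data):
    """RFC 1071 one's-complement checksum used by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_probe(vm_ip, ident=0x1234, seq=1, payload=b"vm-probe"):
    """Build an 802.1Q-tagged ICMP echo request addressed to vm_ip."""
    tag = tag_for(vm_ip)
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    src = ipaddress.IPv4Address(PROBE_SRC_IP).packed
    dst = ipaddress.IPv4Address(vm_ip).packed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     64, 1, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = mac_bytes(ROUTER_IF_MAC) + mac_bytes(PROBE_SRC_MAC)
    dot1q = struct.pack("!HH", 0x8100, tag & 0x0FFF)  # TPID, then PCP/DEI=0 + VID
    return eth + dot1q + struct.pack("!H", 0x0800) + ip + icmp


def parse_probe(frame):
    """Return (vlan_id, destination_ip) of a frame built by build_probe."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != 0x8100:
        raise ValueError("frame carries no 802.1Q tag")
    return tci & 0x0FFF, str(ipaddress.IPv4Address(frame[34:38]))


if __name__ == "__main__":
    for target in ("192.168.1.10", "192.168.2.10"):
        print(target, parse_probe(build_probe(target)))
```

The VLAN ID is the only field that differs between probes sent to different virtual routers; the source IP and source MAC stay fixed because every l2gateway port shares them.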
Therefore, the detection service in the application is configured with a single preset detection network card, the preset detection network card is connected with a plurality of l2gateway ports, and each l2gateway port corresponds to one virtual router. That is, the application discloses a scheme for communicating with virtual machines based on l2gateway ports in which all l2gateway ports share the same detection network card, so that no virtual router needs its own physical network card to communicate with the detection service. This greatly reduces the number of network cards required on detection service nodes and saves hardware resources. The application establishes a preset mapping relation table in advance to record the mapping relation between each network label and all virtual machines in the corresponding virtual router; that is, the application uses different network labels to distinguish different virtual routers. After determining the target virtual machine to be tested, the detection service can directly determine the target network label corresponding to the target virtual machine from the preset mapping relation table and encapsulate the detection message with that label. Because each network label corresponds to a virtual router, and each l2gateway port also corresponds to a unique virtual router, the detection message can be rapidly routed to the target virtual router through the target l2gateway port and then reaches the target virtual machine for the network connectivity test, so that network congestion and response delay are avoided and the timeliness and reliability of the connectivity test results are improved.
In addition, every l2gateway port in the application uses the same IP address and MAC address, which ensures that the detection service always sends detection messages from the same source IP address, so that the virtual machine can conveniently and quickly identify a detection message. Fixing the source IP in this way also ensures that the address is used only for the detection service, which prevents abuse. Therefore, through this scheme, the detection service can test the network connectivity of the virtual machines in a plurality of virtual routers with only one detection network card, and resource occupation is significantly reduced.
Referring to fig. 3, the embodiment of the application discloses a specific virtual machine network connectivity testing method, and compared with the previous embodiment, the embodiment further describes and optimizes the technical scheme. The method specifically comprises the following steps:
Step S21: determining a target virtual machine to be tested, and determining a target network label corresponding to the target virtual machine from a preset mapping relation table, wherein the preset mapping relation table is used for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router.
Step S22: encapsulating based on the target network label to obtain a detection message, and sending the detection message to a target l2gateway port matched with the target network label by using the preset detection network card.
Step S23: determining a target virtual router matched with the target l2gateway port, so that the target l2gateway port forwards the detection message to the target virtual machine in the target virtual router.
Step S24: judging whether a response message sent by the target virtual machine in reply to the detection message is obtained within a preset time period.
In this embodiment, after the detection message is successfully sent to the target virtual machine, the detection service may start a timer and determine whether a response message sent by the target virtual machine in reply to the detection message is obtained within the preset time period. The value of the preset time period can be set according to the actual situation.
Step S25: if the response message is obtained, determining that the network connectivity test of the target virtual machine passes.
In this embodiment, if a response message sent by the target virtual machine in reply to the detection message is obtained within the preset time period, it is determined that the network connectivity test of the target virtual machine passes.
Step S26: if the response message is not obtained, determining that the network connectivity test of the target virtual machine fails, obtaining a state monitoring result of a target table in the current southbound database, determining the fault type based on the state monitoring result, and outputting corresponding log data or alarm information.
In this embodiment, if a response message sent by the target virtual machine in reply to the detection message is not obtained within the preset time period, the network connectivity test of the target virtual machine has not passed. In that case, the state monitoring result of the target table in the current southbound database is further obtained, the fault type, that is, the specific reason why the current network connectivity test did not pass, is determined from the state monitoring result, and corresponding log data or alarm information is output.
In a specific embodiment, the target table comprises the Port_Binding table, the Chassis_Private table and the SB_Global table. Correspondingly, determining the fault type based on the state monitoring result and outputting corresponding log data or alarm information comprises: if the up field of the port corresponding to the target virtual machine in the Port_Binding table is detected to be false, outputting log information indicating that the target virtual machine is powered off; if the nb_cfg field in the Chassis_Private table is detected to be inconsistent with the nb_cfg field in the SB_Global table, outputting alarm information indicating that a node is abnormal; and if the version number field in the Port_Binding table is detected to have changed, outputting alarm information indicating that the control plane has changed.
It should be noted that the detection service monitors the state of the southbound database resources in OVN through the ovsdb (Open vSwitch Database) protocol, mainly the Port_Binding table, the Chassis_Private table, the SB_Global table, the Chassis table, and so on. The Port_Binding table records the binding relation between a virtual network port (such as a virtual machine network card or a logical switch port) and physical/logical resources. Its up field indicates the port state, where true means active and false means shut down or unbound; its type field indicates the port type, where an empty string indicates a virtual machine port and external indicates a bare-metal port; its external_ids field holds extension data, such as neutron:revision_number, which indicates the port configuration version number in Neutron; and its chassis field indicates the node to which the virtual network port is bound, where an empty value indicates that the port is unbound. The Chassis_Private table stores private state information of a node, such as configuration version numbers and internal identifiers, and is visible only to the current node. Its nb_cfg field indicates the configuration version number local to the current node and should be consistent with the nb_cfg field in the SB_Global table; if the two are inconsistent, the node has not synchronized the latest configuration. The SB_Global table mainly stores global configuration and version numbers and is used to coordinate state synchronization across the whole OVN cluster; its nb_cfg field is required to be consistent with the nb_cfg field in the Chassis_Private table.
The Chassis table records metadata of all physical or virtual nodes, such as compute nodes and gateway nodes, and its name field indicates the name of the physical node, such as node1.
Therefore, after the state monitoring result of the target table is obtained, if the up field of the port corresponding to the target virtual machine in the Port_Binding table is false, which means that the network card has been removed or the virtual machine is powered off, log information indicating that the target virtual machine is powered off can be output directly, without raising an alarm. If the nb_cfg field in the Chassis_Private table for the chassis to which the Port_Binding entry is bound is found to be inconsistent with the nb_cfg field in the SB_Global table, alarm information indicating a node abnormality is output, and operation and maintenance personnel need to assess the condition of the host. If the version number field in the Port_Binding table, namely external_ids:neutron:revision_number, is found to have changed, which means that the control plane may have changed and needs to be examined, alarm information indicating a control plane change is output. In addition, if none of the above abnormal conditions is found, error information is printed to prompt operation and maintenance personnel to investigate.
In addition, it should be noted that the detection service can continuously monitor the state information of the virtual machine recorded in the southbound database based on ovsdb protocol, and adjust the target IP list based on the state information of the virtual machine, where the target IP list is used to record the IP address of the virtual machine to be tested currently.
In a specific embodiment, adjusting the target IP list based on the virtual machine state information comprises: if a new virtual machine appears in the Port_Binding table, adding the IP address of the new virtual machine to the target IP list; if the IP address of a first virtual machine in the Port_Binding table is found to have changed, updating the target IP list with the changed IP address of the first virtual machine; and if the up field of the port corresponding to a second virtual machine in the Port_Binding table is found to be false, deleting the IP address corresponding to the second virtual machine from the target IP list. That is, the detection service continuously monitors the Port_Binding table. If a new virtual machine appears in the Port_Binding table, its IP address is added to the target IP list so that the list is adjusted dynamically, where type equal to an empty string identifies a new virtual machine port and type=external identifies a new bare-metal port. If the IP address of the first virtual machine in the Port_Binding table is found to have changed, the changed IP address must be written to the target IP list. In addition, if the up field of the port corresponding to the second virtual machine in the Port_Binding table is found to be false, the second virtual machine may be powered off and its IP no longer needs to be probed, so the IP address corresponding to the second virtual machine can be deleted from the target IP list; conversely, if the up field of that port is true, probing continues.
In addition, changes to the Chassis_Private table can be monitored: if the nb_cfg field in the Chassis_Private entry of a node does not follow changes to the nb_cfg field of SB_Global, or takes a long time to follow each change, an alarm is raised promptly.
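The target IP list maintenance and the fault classification of step S26, combined in one added example that is not code from the application. Rows are constructed, simplified dictionaries rather than real ovsdb updates: the chassis is given by name, and reading the addresses from the Port_Binding `mac` column is an assumption of this sketch.

```python
from dataclasses import dataclass, field

PROBED_TYPES = {"", "external"}  # "" = virtual machine port, "external" = bare-metal port


def port_ips(row):
    """IP addresses from 'mac' entries such as 'fa:16:3e:00:00:01 192.168.1.10'."""
    return [ip for entry in row.get("mac", []) for ip in entry.split()[1:]]


def revision(row):
    return row.get("external_ids", {}).get("neutron:revision_number")


@dataclass
class SouthboundView:
    targets: dict = field(default_factory=dict)    # logical_port -> IPs to probe
    revisions: dict = field(default_factory=dict)  # logical_port -> last seen revision
    changed: set = field(default_factory=set)      # ports whose revision has moved

    def on_port_binding(self, row):
        """Apply one inserted or modified Port_Binding row to the target IP list."""
        if row.get("type", "") not in PROBED_TYPES:
            return
        port = row["logical_port"]
        if port in self.revisions and self.revisions[port] != revision(row):
            self.changed.add(port)
        self.revisions[port] = revision(row)
        ips = port_ips(row)
        if row.get("up") and ips:
            self.targets[port] = ips       # new port, or changed address
        else:
            self.targets.pop(port, None)   # up is false: stop probing

    def classify_failure(self, row, chassis_nb_cfg, sb_global_nb_cfg):
        """Map a probe timeout to (level, reason), checked in the order the text gives."""
        port = row["logical_port"]
        if not row.get("up"):
            return ("log", "virtual machine powered off")
        if chassis_nb_cfg.get(row.get("chassis")) != sb_global_nb_cfg:
            return ("alarm", "node abnormal")
        if port in self.changed:
            self.changed.discard(port)
            return ("alarm", "control plane changed")
        return ("error", "no known cause, investigate")


def sample_row(ip, rev, up=True):
    """Constructed Port_Binding row for a virtual machine port bound to node2."""
    return {"logical_port": "vm1", "type": "", "up": up, "chassis": "node2",
            "mac": [f"fa:16:3e:00:00:01 {ip}"],
            "external_ids": {"neutron:revision_number": rev}}


if __name__ == "__main__":
    view = SouthboundView()
    view.on_port_binding(sample_row("192.168.1.10", "3"))
    view.on_port_binding(sample_row("192.168.1.11", "4"))
    print(view.targets)
    print(view.classify_failure(sample_row("192.168.1.11", "4"), {"node2": 7}, 7))
```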
For more specific processing procedures in steps S21, S22 and S23, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no detailed description is given here.
Therefore, the application provides an OVN-based network test scheme for cloud platform virtual machines, which can detect the networks of all virtual machines in a cloud platform. The detection networks are aggregated through l2gateway ports, which greatly reduces the number of network cards used for detection, reduces the complexity that detection introduces into the OVN network, and reduces the complexity of maintaining the detection program. In addition, the application dynamically monitors the southbound database of OVN through the ovsdb protocol and maintains the target IP list according to data changes, which reduces operation and maintenance work; it also automatically pre-assesses the cluster condition, which makes it easier for operation and maintenance personnel to investigate when problems are found.
Referring to fig. 4, the embodiment of the application discloses a virtual machine network connectivity testing device, which is applied to a detection service, wherein the detection service is configured with a single preset detection network card, the preset detection network card is connected with a plurality of l2gateway ports, each l2gateway port corresponds to a virtual router, and the IP address and the MAC address of each l2gateway port are the same, and the device comprises:
The network label determining module 11 is used for determining a target virtual machine to be tested and determining a target network label corresponding to the target virtual machine from a preset mapping relation table, wherein the preset mapping relation table is used for recording the mapping relation between each network label and all virtual machines in the corresponding virtual router;
The message encapsulation sending module 12 is configured to encapsulate based on the target network label to obtain a detection message, and send the detection message to a target l2gateway port matched with the target network label by using the preset detection network card;
The message forwarding module 13 is configured to determine a target virtual router that matches the target l2gateway port, so that the target l2gateway port forwards the detection message to the target virtual machine in the target virtual router, so as to perform a network connectivity test on the target virtual machine.
Since the embodiments of the device portion correspond to the method embodiments above, refer to the description of the method embodiments for the device portion; the details are not repeated here.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Specifically, the system comprises at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25 and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement relevant steps in the virtual machine network connectivity testing method performed by the electronic device disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide working voltages for each hardware device on the electronic device 20, the communication interface 24 is capable of creating a data transmission channel with an external device for the electronic device 20, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein, and the input/output interface 25 is configured to obtain external input data or output data to the external device, and the specific interface type of the input/output interface may be selected according to the specific application needs and is not specifically limited herein.
Processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 21 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), PLA (Programmable Logic Array). The processor 21 may also include a main processor, which is a processor for processing data in a wake-up state, also called a CPU (Central Processing Unit), and a coprocessor, which is a low-power processor for processing data in a standby state. In some embodiments, the processor 21 may integrate a GPU (Graphics Processing Unit, image processor) for rendering and drawing of content required to be displayed by the display screen. In some embodiments, the processor 21 may also include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon include an operating system 221, a computer program 222, and data 223, and the storage may be temporary storage or permanent storage.
The operating system 221, which may be Windows, Unix or Linux, is used for managing and controlling the hardware devices on the electronic device 20 and the computer program 222, so that the processor 21 can operate on and process the mass data 223 in the memory 22. The computer program 222 may further comprise a computer program capable of performing other specific tasks in addition to the computer program capable of performing the virtual machine network connectivity test method performed by the electronic device 20 as disclosed in any of the preceding embodiments. The data 223 may include, in addition to data received by the electronic device and transmitted by the external device, data collected by the input/output interface 25 itself, and so on.
Further, the embodiment of the application also discloses a computer readable storage medium, wherein the storage medium stores a computer program, and when the computer program is loaded and executed by a processor, the steps of the virtual machine network connectivity testing method disclosed in any embodiment are realized.
The embodiment of the invention also discloses a computer program product, which comprises a computer program/instruction, wherein the computer program/instruction realizes the steps of the virtual machine network connectivity testing method disclosed in any of the previous embodiments when being executed by a processor.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Those skilled in the art may implement the described functionality using different approaches for each particular application, but such implementation is not intended to be limiting.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (Random Access Memory, i.e., RAM), memory, read-only memory (Read-Only Memory, i.e., ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a compact disc read-only memory (Compact Disc Read-Only Memory, i.e., CD-ROM), or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing describes in detail the method, apparatus, device and storage medium for testing network connectivity of a virtual machine provided by the present invention. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the above description of the embodiments is only intended to aid in understanding the method and core concept of the present invention. Meanwhile, for those skilled in the art, the specific embodiments and the scope of application may vary according to the concept of the present invention. In summary, the content of this specification should not be construed as limiting the invention.